Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa
File:                     aebec422-5453-4842-a3d0-552a331eb4af.roa (raw, json)
Hash identifier:          5u7IAUp3DnJZauoGbAtLgqHUhIrCRVO+uBeysSiognk=
Subject key identifier:   D2:18:0B:53:CA:48:A5:DA:61:04:13:75:7E:96:54:DD:F6:4B:A3:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E97551BC8C1ADDAEEF541788F534B822C6EB8D5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.128.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:97:55:1b:c8:c1:ad:da:ee:f5:41:78:8f:53:4b:82:2c:6e:b8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=c91bf816c79faafdffa4481c3a6ea81f857a9daf1f13f953d76b1a855fbafdab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:13:00:fc:41:b1:b6:3d:3a:ff:3e:46:9a:1c:
                    ce:ca:48:72:bb:0a:3d:06:cc:68:ab:8d:0a:4d:ac:
                    33:bb:b3:f3:9f:18:ff:5d:dc:51:41:4b:95:fb:62:
                    2d:b9:94:6c:cd:e1:2e:bc:71:57:76:ac:96:50:c4:
                    40:46:50:2b:21:bd:d6:c2:d0:fb:d3:4a:06:36:1f:
                    61:6b:12:f2:43:c7:80:c5:51:c7:77:98:d0:83:5e:
                    db:b6:3e:8b:47:94:81:68:f5:89:e8:59:10:51:e8:
                    c6:88:7a:07:7d:6e:3a:4b:45:5d:39:8c:0c:d1:5c:
                    12:f0:27:cb:ca:3c:f1:be:74:08:be:05:d1:23:15:
                    3f:14:67:7c:a2:b5:84:ac:9e:e1:eb:2e:74:77:b8:
                    7d:76:5a:60:e8:22:e7:b7:e2:a6:d1:25:ca:03:2a:
                    cc:3b:7b:2f:13:e7:f9:9f:fd:d5:f1:f0:0e:f1:56:
                    d4:cf:76:b8:3e:43:d0:9b:47:2c:0e:a1:5a:d5:a8:
                    50:2a:b6:66:1b:da:1c:20:23:3d:e5:9c:1a:8a:e2:
                    2f:7b:b6:eb:16:bf:02:ef:12:81:ec:a6:a6:aa:7d:
                    5f:08:91:04:46:ba:ff:fe:eb:a0:1b:ea:b0:b2:48:
                    dc:85:e4:27:a7:b6:42:b2:49:8e:9c:b2:2a:6d:7f:
                    f9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:18:0B:53:CA:48:A5:DA:61:04:13:75:7E:96:54:DD:F6:4B:A3:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         84:3a:37:68:84:73:14:29:4a:46:df:49:a9:c7:d1:12:c3:4b:
         f1:04:e4:d2:84:9e:8a:c8:ef:37:0f:f4:a9:20:47:27:7c:35:
         1d:bd:e9:84:99:82:a9:6b:be:f9:fb:51:92:32:c7:31:4b:ec:
         91:ae:6f:85:aa:81:c6:5a:de:9e:79:7a:2b:43:18:f3:db:b1:
         65:ae:3e:45:a9:4c:6b:df:7d:88:20:70:97:aa:e4:9b:6d:fb:
         9e:8f:98:0a:84:44:65:7b:d9:a5:74:f5:6a:ad:ca:b3:54:a9:
         db:35:7f:e3:62:a0:c8:6f:22:34:c4:ff:66:81:9c:1a:3d:90:
         12:b5:97:a8:5c:3a:8c:88:74:f0:74:2c:7f:2f:e1:d6:2a:d1:
         73:6c:01:ea:4c:36:74:71:47:5e:5e:2c:1c:9f:66:d6:58:c7:
         78:4f:54:b7:46:d4:93:12:8b:d2:13:5b:21:87:7b:94:82:13:
         9f:28:04:28:73:71:0c:13:10:70:92:9e:df:9d:ee:ef:59:01:
         f4:a3:f2:47:d2:06:17:9c:8e:c2:38:6c:fc:de:05:32:b7:5c:
         96:69:c2:1e:6e:81:75:07:48:fa:17:6b:33:9b:f1:d4:b3:5c:
         1f:0d:c9:d7:12:15:bd:2c:49:7e:66:2e:3a:33:68:52:fa:c1:
         61:16:af:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPpdVG8jBrdru9UF4j1NLgixuuNUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTFiZjgxNmM3OWZhYWZkZmZhNDQ4MWMzYTZlYTgxZjg1
N2E5ZGFmMWYxM2Y5NTNkNzZiMWE4NTVmYmFmZGFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTEwD8QbG2PTr/PkaaHM7KSHK7Cj0GzGirjQpNrDO7s/Of
GP9d3FFBS5X7Yi25lGzN4S68cVd2rJZQxEBGUCshvdbC0PvTSgY2H2FrEvJDx4DF
Ucd3mNCDXtu2PotHlIFo9YnoWRBR6MaIegd9bjpLRV05jAzRXBLwJ8vKPPG+dAi+
BdEjFT8UZ3yitYSsnuHrLnR3uH12WmDoIue34qbRJcoDKsw7ey8T5/mf/dXx8A7x
VtTPdrg+Q9CbRywOoVrVqFAqtmYb2hwgIz3lnBqK4i97tusWvwLvEoHspqaqfV8I
kQRGuv/+66Ab6rCySNyF5CentkKySY6csiptf/lRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0hgLU8pIpdphBBN1fpZU3fZLo1cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlYmVjNDIyLTU0NTMtNDg0Mi1hM2QwLTU1MmEzMzFlYjRhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIEoAwDQYJKoZIhvcNAQELBQADggEBAIQ6N2iEcxQpSkbfSanH0RLDS/EE
5NKEnorI7zcP9KkgRyd8NR296YSZgqlrvvn7UZIyxzFL7JGub4WqgcZa3p55eitD
GPPbsWWuPkWpTGvffYggcJeq5Jtt+56PmAqERGV72aV09WqtyrNUqds1f+NioMhv
IjTE/2aBnBo9kBK1l6hcOoyIdPB0LH8v4dYq0XNsAepMNnRxR15eLByfZtZYx3hP
VLdG1JMSi9ITWyGHe5SCE58oBChzcQwTEHCSnt+d7u9ZAfSj8kfSBhecjsI4bPze
BTK3XJZpwh5ugXUHSPoXazOb8dSzXB8NydcSFb0sSX5mLjozaFL6wWEWr/Q=
-----END CERTIFICATE-----